5 matches found
CVE-2019-10099
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1038 more potentially affected by CVE-2019-10099 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.3.2)
org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.25, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2019-10099 Source advisory: OSV:GHSA-FP5J-3FPF-MHJ5...
analytics-zoo (>=0.2.0 <=0.4.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +9 more potentially affected by CVE-2019-10099 via pyspark (>=2.1.2 <=2.3.2)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.8.0, =0.2.1, =2.0.3, =1.0.0rc2, =0.2.0, =0.2.4 Source cves: CVE-2019-10099 Source advisory: OSV:GHSA-FP5J-3FPF-MHJ5...
analytics-zoo (>=0.2.0 <=0.4.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +9 more potentially affected by CVE-2019-10099 via pyspark (>=2.1.2 <=2.3.2)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.8.0, =0.2.1, =2.0.3, =1.0.0rc2, =0.2.0, =0.2.4 Source cves: CVE-2019-10099 Source advisory: OSV:PYSEC-2019-114...
CVE-2019-10099
CVE-2019-10099 affects Apache Spark deployments running versions prior to 2.3.3. In certain scenarios, Spark could write user data to local disk unencrypted despite spark.io.encryption.enabled=true. The issue encompasses cached blocks written to disk (controlled by spark.maxRemoteBlockSizeFetchTo...